Load external postgresql and redis passwords from existing secrets
This commit is contained in:
parent
0a43690170
commit
6a969afbcb
5 changed files with 41 additions and 8 deletions
|
@ -6,7 +6,7 @@ icon: https://matrix.org/images/matrix-logo.svg
|
||||||
appVersion: 1.44.0
|
appVersion: 1.44.0
|
||||||
|
|
||||||
type: application
|
type: application
|
||||||
version: 2.1.12
|
version: 2.1.13-rc-1
|
||||||
maintainers:
|
maintainers:
|
||||||
- name: Alexander Olofsson
|
- name: Alexander Olofsson
|
||||||
email: ace@haxalot.com
|
email: ace@haxalot.com
|
||||||
|
|
|
@ -170,7 +170,7 @@ Set postgresql password
|
||||||
{{- define "matrix-synapse.postgresql.password" -}}
|
{{- define "matrix-synapse.postgresql.password" -}}
|
||||||
{{- if .Values.postgresql.enabled -}}
|
{{- if .Values.postgresql.enabled -}}
|
||||||
{{- default "" .Values.postgresql.postgresqlPassword }}
|
{{- default "" .Values.postgresql.postgresqlPassword }}
|
||||||
{{- else -}}
|
{{- else if not (and .Values.externalPostgresql.existingSecret .Values.externalPostgresql.existingSecretPasswordKey) -}}
|
||||||
{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
|
{{ required "A valid externalPostgresql.password is required" .Values.externalPostgresql.password }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
@ -255,7 +255,7 @@ Set redis password
|
||||||
{{- define "matrix-synapse.redis.password" -}}
|
{{- define "matrix-synapse.redis.password" -}}
|
||||||
{{- if .Values.redis.enabled -}}
|
{{- if .Values.redis.enabled -}}
|
||||||
{{ .Values.redis.password }}
|
{{ .Values.redis.password }}
|
||||||
{{- else -}}
|
{{- else if .Values.externalRedis.password -}}
|
||||||
{{ .Values.externalRedis.password }}
|
{{ .Values.externalRedis.password }}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
|
|
@ -81,19 +81,29 @@ spec:
|
||||||
-c /synapse/config/homeserver.yaml \
|
-c /synapse/config/homeserver.yaml \
|
||||||
-c /synapse/config/conf.d/
|
-c /synapse/config/conf.d/
|
||||||
env:
|
env:
|
||||||
{{- if .Values.postgresql.enabled }}
|
{{- if or .Values.postgresql.enabled .Values.externalPostgresql.existingSecret }}
|
||||||
- name: POSTGRES_PASSWORD
|
- name: POSTGRES_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
{{- if .Values.postgresql.enabled }}
|
||||||
name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }}
|
name: {{ .Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" .) }}
|
||||||
key: postgresql-password
|
key: postgresql-password
|
||||||
|
{{- else }}
|
||||||
|
name: {{ .Values.externalPostgresql.existingSecret }}
|
||||||
|
key: {{ .Values.externalPostgresql.existingSecretPasswordKey }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and .Values.redis.enabled (default .Values.redis.usePassword true) }}
|
{{- end }}
|
||||||
|
{{- if or (and .Values.redis.enabled (default .Values.redis.usePassword true)) .Values.externalRedis.existingSecret }}
|
||||||
- name: REDIS_PASSWORD
|
- name: REDIS_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
{{- if .Values.redis.enabled }}
|
||||||
name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }}
|
name: {{ .Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" .) }}
|
||||||
key: redis-password
|
key: redis-password
|
||||||
|
{{- else }}
|
||||||
|
name: {{ .Values.externalRedis.existingSecret }}
|
||||||
|
key: {{ .Values.externalRedis.existingSecretPasswordKey }}
|
||||||
|
{{- end -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with .Values.synapse.extraEnv }}
|
{{- with .Values.synapse.extraEnv }}
|
||||||
{{- . | toYaml | nindent 12 }}
|
{{- . | toYaml | nindent 12 }}
|
||||||
|
|
|
@ -73,7 +73,7 @@ spec:
|
||||||
|
|
||||||
{{- with $config.extraCommands | default $default.extraCommands }}
|
{{- with $config.extraCommands | default $default.extraCommands }}
|
||||||
{{ range . }}
|
{{ range . }}
|
||||||
{{ . }}
|
{{ . | nindent 14 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -83,19 +83,29 @@ spec:
|
||||||
-c /synapse/config/conf.d/ \
|
-c /synapse/config/conf.d/ \
|
||||||
-c /synapse/config/{{ $name }}.worker
|
-c /synapse/config/{{ $name }}.worker
|
||||||
env:
|
env:
|
||||||
{{- if $.Values.postgresql.enabled }}
|
{{- if or $.Values.postgresql.enabled $.Values.externalPostgresql.existingSecret }}
|
||||||
- name: POSTGRES_PASSWORD
|
- name: POSTGRES_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
{{- if $.Values.postgresql.enabled }}
|
||||||
name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }}
|
name: {{ $.Values.postgresql.existingSecret | default (include "matrix-synapse.postgresql.fullname" $) }}
|
||||||
key: postgresql-password
|
key: postgresql-password
|
||||||
|
{{- else }}
|
||||||
|
name: {{ $.Values.externalPostgresql.existingSecret }}
|
||||||
|
key: {{ $.Values.externalPostgresql.existingSecretPasswordKey }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if and $.Values.redis.enabled (default $.Values.redis.usePassword true) }}
|
{{- end }}
|
||||||
|
{{- if or (and $.Values.redis.enabled (default $.Values.redis.usePassword true)) $.Values.externalRedis.existingSecret }}
|
||||||
- name: REDIS_PASSWORD
|
- name: REDIS_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
|
{{- if $.Values.redis.enabled }}
|
||||||
name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }}
|
name: {{ $.Values.redis.existingSecret | default (include "matrix-synapse.redis.fullname" $) }}
|
||||||
key: redis-password
|
key: redis-password
|
||||||
|
{{- else }}
|
||||||
|
name: {{ $.Values.externalRedis.existingSecret }}
|
||||||
|
key: {{ $.Values.externalRedis.existingSecretPasswordKey }}
|
||||||
|
{{- end -}}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- with $config.extraEnv | default $default.extraEnv }}
|
{{- with $config.extraEnv | default $default.extraEnv }}
|
||||||
{{- . | toYaml | nindent 12 }}
|
{{- . | toYaml | nindent 12 }}
|
||||||
|
|
|
@ -619,6 +619,13 @@ externalPostgresql:
|
||||||
port: 5432
|
port: 5432
|
||||||
username: synapse
|
username: synapse
|
||||||
# password: synapse
|
# password: synapse
|
||||||
|
|
||||||
|
## The name of an existing secret with postgresql credentials
|
||||||
|
#existingSecret: postgres-secrets
|
||||||
|
|
||||||
|
## Password key to be retrieved from existing secret
|
||||||
|
#existingSecretPasswordKey: postgres-password
|
||||||
|
|
||||||
database: synapse
|
database: synapse
|
||||||
# sslmode: prefer
|
# sslmode: prefer
|
||||||
|
|
||||||
|
@ -661,6 +668,12 @@ externalRedis:
|
||||||
port: 6379
|
port: 6379
|
||||||
# password: synapse
|
# password: synapse
|
||||||
|
|
||||||
|
## The name of an existing secret with redis credentials
|
||||||
|
#existingSecret: redis-secrets
|
||||||
|
|
||||||
|
## Password key to be retrieved from existing secret
|
||||||
|
#existingSecretPasswordKey: redis-password
|
||||||
|
|
||||||
## Persistence configuration for the media repository function.
|
## Persistence configuration for the media repository function.
|
||||||
## This PVC will be mounted in either Synapse or a media_repo worker.
|
## This PVC will be mounted in either Synapse or a media_repo worker.
|
||||||
##
|
##
|
||||||
|
|
Loading…
Reference in a new issue